diff options
author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-12-04 00:01:54 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-12-04 00:01:54 +0000 |
commit | e205734535627c1336504d4bb75fd03df8b5e5fd (patch) | |
tree | c58e5ae6223ac9a2617a1d82ab9d01d2d8a16ad3 /sys | |
parent | 875aee99598fb2ecb3ce3d1290d0ff4e50bfb49b (diff) |
use siphash for trunk loadbalancing. ok deraadt
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/if_ethersubr.c | 3 | ||||
-rw-r--r-- | sys/net/if_trunk.c | 36 | ||||
-rw-r--r-- | sys/net/if_trunk.h | 7 | ||||
-rw-r--r-- | sys/net/trunklacp.c | 8 | ||||
-rw-r--r-- | sys/net/trunklacp.h | 4 |
5 files changed, 32 insertions, 26 deletions
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 555d326f4da..762d7986f77 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ethersubr.c,v 1.181 2014/12/01 17:46:56 tedu Exp $ */ +/* $OpenBSD: if_ethersubr.c,v 1.182 2014/12/04 00:01:53 tedu Exp $ */ /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */ /* @@ -87,6 +87,7 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>. #include <sys/syslog.h> #include <sys/timeout.h> +#include <crypto/siphash.h> /* required by if_trunk.h */ #include <net/if.h> #include <net/netisr.h> diff --git a/sys/net/if_trunk.c b/sys/net/if_trunk.c index d9c3c66bd01..e45bfb887c1 100644 --- a/sys/net/if_trunk.c +++ b/sys/net/if_trunk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_trunk.c,v 1.92 2014/12/01 15:06:54 mikeb Exp $ */ +/* $OpenBSD: if_trunk.c,v 1.93 2014/12/04 00:01:53 tedu Exp $ */ /* * Copyright (c) 2005, 2006, 2007 Reyk Floeter <reyk@openbsd.org> @@ -28,7 +28,8 @@ #include <sys/sockio.h> #include <sys/systm.h> #include <sys/timeout.h> -#include <sys/hash.h> + +#include <crypto/siphash.h> #include <net/if.h> #include <net/if_arp.h> @@ -969,7 +970,7 @@ trunk_enqueue(struct ifnet *ifp, struct mbuf *m) } u_int32_t -trunk_hashmbuf(struct mbuf *m, u_int32_t key) +trunk_hashmbuf(struct mbuf *m, SIPHASH_KEY *key) { u_int16_t etype, ether_vtag; u_int32_t p = 0; @@ -983,25 +984,27 @@ trunk_hashmbuf(struct mbuf *m, u_int32_t key) u_int32_t flow; struct ip6_hdr *ip6, ip6buf; #endif + SIPHASH_CTX ctx; + SipHash24_Init(&ctx, key); off = sizeof(*eh); if (m->m_len < off) - return (p); + goto done; eh = mtod(m, struct ether_header *); etype = ntohs(eh->ether_type); - p = hash32_buf(&eh->ether_shost, ETHER_ADDR_LEN, key); - p = hash32_buf(&eh->ether_dhost, ETHER_ADDR_LEN, p); + SipHash24_Update(&ctx, &eh->ether_shost, ETHER_ADDR_LEN); + SipHash24_Update(&ctx, &eh->ether_dhost, ETHER_ADDR_LEN); /* Special handling for encapsulating VLAN frames */ if (m->m_flags & M_VLANTAG) { ether_vtag = EVL_VLANOFTAG(m->m_pkthdr.ether_vtag); - p = hash32_buf(ðer_vtag, sizeof(ether_vtag), p); + SipHash24_Update(&ctx, ðer_vtag, sizeof(ether_vtag)); } else if (etype == ETHERTYPE_VLAN) { if ((vlan = (u_int16_t *) trunk_gethdr(m, off, EVL_ENCAPLEN, &vlanbuf)) == NULL) return (p); ether_vtag = EVL_VLANOFTAG(*vlan); - p = hash32_buf(ðer_vtag, sizeof(ether_vtag), p); + SipHash24_Update(&ctx, ðer_vtag, sizeof(ether_vtag)); etype = ntohs(vlan[1]); off += EVL_ENCAPLEN; } @@ -1012,8 +1015,8 @@ trunk_hashmbuf(struct mbuf *m, u_int32_t key) if ((ip = (struct ip *) trunk_gethdr(m, off, sizeof(*ip), &ipbuf)) == NULL) return (p); - p = hash32_buf(&ip->ip_src, sizeof(struct in_addr), p); - p = hash32_buf(&ip->ip_dst, sizeof(struct in_addr), p); + SipHash24_Update(&ctx, &ip->ip_src, sizeof(struct in_addr)); + SipHash24_Update(&ctx, &ip->ip_dst, sizeof(struct in_addr)); break; #endif #ifdef INET6 @@ -1021,15 +1024,16 @@ trunk_hashmbuf(struct mbuf *m, u_int32_t key) if ((ip6 = (struct ip6_hdr *) trunk_gethdr(m, off, sizeof(*ip6), &ip6buf)) == NULL) return (p); - p = hash32_buf(&ip6->ip6_src, sizeof(struct in6_addr), p); - p = hash32_buf(&ip6->ip6_dst, sizeof(struct in6_addr), p); + SipHash24_Update(&ctx, &ip6->ip6_src, sizeof(struct in6_addr)); + SipHash24_Update(&ctx, &ip6->ip6_dst, sizeof(struct in6_addr)); flow = ip6->ip6_flow & IPV6_FLOWLABEL_MASK; - p = hash32_buf(&flow, sizeof(flow), p); /* IPv6 flow label */ + SipHash24_Update(&ctx, &flow, sizeof(flow)); /* IPv6 flow label */ break; #endif } - return (p); +done: + return SipHash24_End(&ctx); } void @@ -1405,7 +1409,7 @@ trunk_lb_attach(struct trunk_softc *tr) tr->tr_init = NULL; tr->tr_stop = NULL; - lb->lb_key = arc4random(); + arc4random_buf(&lb->lb_key, sizeof(lb->lb_key)); tr->tr_psc = (caddr_t)lb; return (0); @@ -1463,7 +1467,7 @@ trunk_lb_start(struct trunk_softc *tr, struct mbuf *m) struct trunk_port *tp = NULL; u_int32_t p = 0; - p = trunk_hashmbuf(m, lb->lb_key); + p = trunk_hashmbuf(m, &lb->lb_key); p %= tr->tr_count; tp = lb->lb_ports[p]; diff --git a/sys/net/if_trunk.h b/sys/net/if_trunk.h index 0a2a6b647a3..81f7121681d 100644 --- a/sys/net/if_trunk.h +++ b/sys/net/if_trunk.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_trunk.h,v 1.18 2013/11/18 09:16:30 mpi Exp $ */ +/* $OpenBSD: if_trunk.h,v 1.19 2014/12/04 00:01:53 tedu Exp $ */ /* * Copyright (c) 2005, 2006, 2007 Reyk Floeter <reyk@openbsd.org> @@ -214,16 +214,15 @@ struct trunk_softc { #define IFCAP_TRUNK_FULLDUPLEX 0x00010000 /* full duplex with >1 ports */ /* Private data used by the loadbalancing protocol */ -#define TRUNK_LB_MAXKEYS 8 struct trunk_lb { - u_int32_t lb_key; + SIPHASH_KEY lb_key; struct trunk_port *lb_ports[TRUNK_MAX_PORTS]; }; int trunk_input(struct ifnet *, struct ether_header *, struct mbuf *); int trunk_enqueue(struct ifnet *, struct mbuf *); -u_int32_t trunk_hashmbuf(struct mbuf *, u_int32_t); +u_int32_t trunk_hashmbuf(struct mbuf *, SIPHASH_KEY *); #endif /* _KERNEL */ #endif /* _NET_TRUNK_H */ diff --git a/sys/net/trunklacp.c b/sys/net/trunklacp.c index fb4c7a35432..4094df0165b 100644 --- a/sys/net/trunklacp.c +++ b/sys/net/trunklacp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trunklacp.c,v 1.17 2014/11/23 07:39:02 deraadt Exp $ */ +/* $OpenBSD: trunklacp.c,v 1.18 2014/12/04 00:01:53 tedu Exp $ */ /* $NetBSD: ieee8023ad_lacp.c,v 1.3 2005/12/11 12:24:54 christos Exp $ */ /* $FreeBSD:ieee8023ad_lacp.c,v 1.15 2008/03/16 19:25:30 thompsa Exp $ */ @@ -41,6 +41,8 @@ #include <sys/queue.h> #include <sys/timeout.h> +#include <crypto/siphash.h> + #include <net/if.h> #include <net/if_dl.h> #include <net/ethertypes.h> @@ -732,7 +734,7 @@ lacp_attach(struct trunk_softc *sc) sc->tr_psc = (caddr_t)lsc; lsc->lsc_softc = sc; - lsc->lsc_hashkey = arc4random(); + arc4random_buf(&lsc->lsc_hashkey, sizeof(lsc->lsc_hashkey)); lsc->lsc_active_aggregator = NULL; TAILQ_INIT(&lsc->lsc_aggregators); LIST_INIT(&lsc->lsc_ports); @@ -799,7 +801,7 @@ lacp_select_tx_port(struct trunk_softc *sc, struct mbuf *m) return (NULL); } - hash = trunk_hashmbuf(m, lsc->lsc_hashkey); + hash = trunk_hashmbuf(m, &lsc->lsc_hashkey); hash %= pm->pm_count; lp = pm->pm_map[hash]; diff --git a/sys/net/trunklacp.h b/sys/net/trunklacp.h index bdee00b27c1..12d94fe0595 100644 --- a/sys/net/trunklacp.h +++ b/sys/net/trunklacp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: trunklacp.h,v 1.7 2013/10/24 18:50:16 deraadt Exp $ */ +/* $OpenBSD: trunklacp.h,v 1.8 2014/12/04 00:01:53 tedu Exp $ */ /* $NetBSD: ieee8023ad_impl.h,v 1.2 2005/12/10 23:21:39 elad Exp $ */ /* @@ -229,7 +229,7 @@ struct lacp_softc { LIST_HEAD(, lacp_port) lsc_ports; struct lacp_portmap lsc_pmap[2]; volatile u_int lsc_activemap; - u_int32_t lsc_hashkey; + SIPHASH_KEY lsc_hashkey; }; #define LACP_TYPE_ACTORINFO 1 |